Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
tmp
-
Size
97KB
-
Sample
230309-wmp26ahe53
-
MD5
95e03ae51a6671e98b8461dc1ad766eb
-
SHA1
3968a825dbda1b2998f89018c163a5e16fbdc3f3
-
SHA256
23f70436d5d45e4abfd9763a73a43637a51192bb1ad95df790b6ebb3dd4060d1
-
SHA512
bd12655eb446251a76ddf49a68efadaa30f13cf905323dac0992a652679e745cad881e72df95b63c26b833cf2c5a7c51f8aa10da90291843a24a9b4180e4da26
-
SSDEEP
1536:fEzhNlLbVUKs23ZS0M5Gw/B4dIR/2rS4eCurntMJI8MY4:8z5LbVUz2RM5GfrS4eC6teIHB
Static task
static1
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20230220-en
Malware Config
Extracted
redline
MIX-3
167.235.133.96:43849
-
auth_value
5809bfc38a41ac4369f75ca7762ad9c9
Targets
-
-
Target
tmp
-
Size
97KB
-
MD5
95e03ae51a6671e98b8461dc1ad766eb
-
SHA1
3968a825dbda1b2998f89018c163a5e16fbdc3f3
-
SHA256
23f70436d5d45e4abfd9763a73a43637a51192bb1ad95df790b6ebb3dd4060d1
-
SHA512
bd12655eb446251a76ddf49a68efadaa30f13cf905323dac0992a652679e745cad881e72df95b63c26b833cf2c5a7c51f8aa10da90291843a24a9b4180e4da26
-
SSDEEP
1536:fEzhNlLbVUKs23ZS0M5Gw/B4dIR/2rS4eCurntMJI8MY4:8z5LbVUz2RM5GfrS4eC6teIHB
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-